Courseiva
VPNCCNA 200-301

GRE Tunnel Up But Traffic Not Forwarding

Presenting Symptom

The GRE tunnel is up/up, but traffic destined for the remote network is not being forwarded through the tunnel.

Network Context

Two Cisco routers (R1 and R2) are connected via a GRE tunnel over the public Internet. Each router has a loopback interface representing the remote LAN. The tunnel interfaces are configured with IP addresses from a private subnet (10.0.0.0/30). The physical interfaces are up, and the tunnel shows up/up, but pings from R1's LAN to R2's LAN fail.

Diagnostic Steps

1

Check the tunnel interface status

show ip interface brief
Tunnel0            10.0.0.1       YES manual up                    up

The tunnel interface is up/up, indicating Layer 1 and Layer 2 are operational. The problem is likely at Layer 3 or routing.

2

Verify the routing table for the remote network

show ip route 192.168.2.0
Routing entry for 192.168.2.0/24
  Known via "connected", distance 0, metric 0 (connected)
  * directly connected via Loopback0

If the route is via the tunnel interface, it should show 'via Tunnel0'. If it shows a different path or is missing, routing is misconfigured. Here, it shows directly connected, meaning the route is not pointing to the tunnel.

3

Check for a static route pointing to the tunnel

show running-config | include ip route
ip route 192.168.2.0 255.255.255.0 Tunnel0

If the static route is missing or points to the wrong interface, traffic won't use the tunnel. The expected output should show a route to the remote LAN via Tunnel0.

4

Verify the tunnel source and destination

show interface tunnel 0
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 10.0.0.1/30
  Tunnel source 1.1.1.1, destination 2.2.2.2

Ensure the tunnel source and destination IPs are correct and reachable. If the destination is unreachable, the tunnel may still show up/up but traffic won't pass.

5

Check if the tunnel destination is reachable

ping 2.2.2.2 source 1.1.1.1
!!!!!

If ping fails, the physical path to the tunnel destination is broken. The tunnel may be up due to keepalives but actual traffic fails.

Root Cause

The static route on R1 for the remote LAN (192.168.2.0/24) is missing or incorrectly configured. The tunnel interface is up, but without a route pointing traffic into the tunnel, packets are dropped or sent out the wrong interface.

Resolution

Configure the missing static route on R1: R1(config)# ip route 192.168.2.0 255.255.255.0 Tunnel0 This command adds a static route for the remote LAN (192.168.2.0/24) pointing to the tunnel interface. Ensure a similar route exists on R2 for the local LAN (192.168.1.0/24).

Verification

Run 'show ip route 192.168.2.0' on R1. Expected output: Routing entry for 192.168.2.0/24 Known via "static", distance 1, metric 0 * via Tunnel0 Then test connectivity: ping 192.168.2.1 source 192.168.1.1. Expected: !!!!!

Prevention

1. Always verify routing table entries after configuring GRE tunnels. 2. Use a routing protocol (e.g., OSPF, EIGRP) over the tunnel to dynamically exchange routes. 3. Document static route requirements for tunnel-based networks.

CCNA Exam Relevance

On the CCNA 200-301 exam, this scenario tests understanding of GRE tunnel operation and the importance of routing. Expect multiple-choice questions asking why traffic fails despite tunnel being up, or drag-and-drop to place correct static route. Key fact: A GRE tunnel being up/up does not guarantee traffic forwarding; correct routing is required.

Exam Tips

1.

Remember: 'show ip interface brief' shows tunnel status, but 'show ip route' shows where traffic actually goes.

2.

The exam may present a scenario where the tunnel is up but pings fail; the most common cause is missing or incorrect static route.

3.

Know that 'ip route <remote-network> <mask> Tunnel0' is the correct syntax; using the tunnel IP instead of interface name is a common mistake.

Commands Used in This Scenario

ping [ip]

The ping command sends ICMP echo requests to a destination IP address to test network connectivity and measure round-trip time.

show ip interface brief

Displays a summary of all IP interfaces on the device, including their IP address, status, and protocol state, used for quick verification of interface configuration and connectivity.

show ip route

Displays the current IP routing table on a Cisco router, used to verify routes, check next-hop addresses, and troubleshoot connectivity issues.

Test Your CCNA Knowledge

Practice with scenario-based questions to prepare for the CCNA 200-301 exam.

Practice CCNA Questions